This class represents the ASN.1 structure of the archive-time-stamp-v3 attribute as specified in
ETSI TS 101 733 and ETSI EN 319 122-1. It includes a timestamp of type TimeStampToken
(TimeStampToken) with an unsigned attribute of type AtsHashIndex.
The message imprint for an archive timestamp contains the content type, content hash, the signer
info fields version, sid, digest algorithm, signed attributes, signature algorithm and signature
as well as the unsigned attribute of type AtsHashIndex.
Before adding an archive timestamp, all data necessary for signature verification shall be
included in the signature. The hashes of this data are included in the AtsHashIndex attribute and
therefore protected by the archive timestamp. Only protected data shall be used for verifying a
signature protected by an archive timestamp.
Use getAtsHashIndex() to extract the AtsHashIndex object and to further retrieve the
protected data.

ArchiveTimeStampv3

Creates a TimeStampToken from its ASN.1 representation. To be able to verify the timestamp
using verifyTimeStampToken(X509Certificate) the imprint of the data protected by this
timestamp is set internally by using this constructor. The given protectedDataImprint is the
digest of the protected data using the same digest algorithm as used in the given timestamp
object.

Parameters:

timestampToken - the timestamp object as ASN.1 object

protectedDataImprint - the imprint of the data protected by this timestamp

verifyTimeStampToken

Verify this archive timestamp's signature and ensure that the timestamp's imprint corresponds
to the expected imprint. To verify the signature value the given TSA certificate is used. If
the given TSA certificate is null and this timestamp contains the corresponding TSA
certificate, the included TSA certificate is used.

Parameters:

tsa_certificate - the certificate of the timestamp authority

Throws:

CmsCadesException - if the imprint is invalid or the timestamp token could not be parsed or no TSA
certificate is available

iaik.tsp.TspVerificationException - if this timestamp's signature could not be verified